Solved...server provider firewalls
Problem with SSL on mail server
Finally, the problem exists. Any solution?
Jimmy I suggest a reverse on your network, PTR and DNS, perhaps installing the DNS Manager might help you out. I am using Mail Server 3.2 tho...
I tested on a new server with a fresh installation and I have the same result. I have all mail ports open, and 465 and 993 do not connect from Thunderbird and other SMTP testers. Maybe it's a bug in version 3.3; OpenSSL may not be working correctly. I installed DNS Manager, same.
Jimmy, how do you make the connection? TLS? Are you accepting all certificates? Can you provide a DNS inspection of your domain name where you are facing this problem?
If you can create a report and paste the result here we would have more data, just to check if your DNS records are correct or not.
- Please update the mail server to 4.0
- To use TLS connection, you need to configure the certificate for the domain name first
All works ok with DNS. NS are in CloudFlare so I have 97.
I did it but I have this error on Rainloop:
IMAPs port (993) works ok.
Certificate is Let's Encrypt
STARTTLS works ok with the Let's Encrypt SSL but the SSL/TLS option does not.
Jimmy
Could you tell me what email client you use?
aaPanel_Jose
Sure, Rainloop. Also I use Thunderbird and I have errors too.
In Thunderbird.
In Rainloop all ports work except 465 for SMTP.
For incoming: none (143), STARTTLS (143), SSL/TLS (993): all work
For outgoing: none (25), STARTTLS (587): works
SSL/TLS (465) does not work.
Jimmy
I have searched for a long time and haven't found the problem~ Have you ever successfully used this connection method on other self-built mail servers?
aaPanel_Jose
In version 3.2 I worked with SSL/TLS (465 & 993). I upgraded to 3.3 and now 4.0, and 465 is not working. In 3.2 I had an SSL certificate (Let's Encrypt) on the main domain and on the mail subdomain, and in Rainloop it worked fine. I will do a fresh install again on another server to check the mail server again.
Jimmy
Instead of Autodetect, please select Account Details. You should avoid autodetect settings always.
I could get it to work with the following:
- my mail server is: mail.domain.com PTR: mail.domain.com
- users are registered with domain: domain.com
- I created a website mail.domain.com to automatically generate the SSL certificate
- once completed it generates:
1 key 1 certificate (not full chain)
then I would go to https://whatsmychaincert.com to check my certificate,
I copy and paste the website certificate and generate the full chain with root cert
I get the generated valid cert and add it to my postfix config
- finally I test with openssl
openssl s_client -connect mail.domain.com:465
openssl s_client -connect mail.domain.com:993
openssl s_client -starttls smtp -connect mail.domain.com:587
and all tests get me to the right point, and my email client works fine
Update 
Let's Encrypt stores data in /www/server/panel/vhost/letsencrypt/domain.com/fullchain.pem
TL;DR
just put this information on postfix configuration:
It will always be generated automatically 1 month before the expiry date, thus postfix will always look for the right certificate.
Never use the email system in aaPanel, it's a nightmare, and if you have good traffic it's not recommended to host mail on the same server.
you can't find free plugins, panels to do so ...
aapanel is evolving i guess
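An added example (not part of the original posts and not aaPanel's own tooling): shell helpers for the chain check and the three openssl tests described above. They count the certificates in a PEM file and summarize `openssl s_client` output, reporting verify codes 20 and 21 as an incomplete chain. The function names are hypothetical and mail.domain.com is the thread's placeholder host.

```shell
#!/bin/sh
# Added example: helpers for checking the certificate chain a mail server
# presents. Function names are hypothetical, not from aaPanel or postfix.

# Number of certificates in a PEM file: 1 means leaf only, while a
# fullchain.pem holds the leaf plus its intermediate(s).
count_pem_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1"
}

# Read `openssl s_client` output on stdin and print one summary line:
#   chain=<certs sent by server> verify=<code> verdict=<word>
summarize_s_client() {
    awk '
        # " 0 s:CN = ..." lines list each certificate the server sent
        /^ *[0-9]+ s:/ { chain++ }
        # TLS 1.3 output can repeat this line; keep the first
        /Verify return code:/ && !got { code = $4 + 0; got = 1 }
        END {
            if (!got)                          verdict = "no-handshake"
            else if (code == 0)                verdict = "ok"
            # 20/21: issuer not found, typical of a missing intermediate
            else if (code == 20 || code == 21) verdict = "incomplete-chain"
            else                               verdict = "verify-failed"
            printf "chain=%d verify=%s verdict=%s\n", chain, (got ? code : "-"), verdict
        }'
}

# Probe one port. $3 is optional: a protocol name for -starttls (e.g. smtp).
check_port() {
    host=$1; port=$2; proto=${3:-}
    set -- -connect "$host:$port" -servername "$host"
    if [ -n "$proto" ]; then
        set -- "$@" -starttls "$proto"
    fi
    printf '%s:%s ' "$host" "$port"
    openssl s_client "$@" </dev/null 2>/dev/null | summarize_s_client
}

# Usage against a live server (nothing is contacted when this file is sourced):
#   count_pem_certs /www/server/panel/vhost/letsencrypt/domain.com/fullchain.pem
#   check_port mail.domain.com 465
#   check_port mail.domain.com 993
#   check_port mail.domain.com 587 smtp
```

A result of `chain=1` together with `verdict=incomplete-chain` matches the "1 certificate (not full chain)" situation in the post: the server sends only the leaf, and the client cannot build a path to a trusted root.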
Are these instructions current?
I'm using Mail Server 4.5 and external clients like Gmail don't recognize SSL
Thanks for your work